Michele Orru antisnatchor at gmail.com
Thu Jun 23 12:48:39 EDT 2011

Hi Jason,

too understand the real impact of XSS, meaning what you can really 
obtain, except from Robert links
take also a look at BeEF (http://code.google.com/p/beef/). We are 
developing a lot of cool ideas that can be done
exploiting even a simple reflected XSS (or DOM-based one).

Feel free to ask questions on our mailing lists (very low traffic).


> ------------------------------------------------------------------------
> 	Jason Drury <mailto:druryjason at yahoo.com>
> June 23, 2011 6:15 PM
> Hello,
> During a recent web pentest I found an input vulnerable to XSS. The 
> developers have come back to me saying they resolved the issue, but 
> upon retesting I found it still vulnerable to the following 
> string: \";alert('XSS');//
> Just for my own education, can anything malicious be done with such a 
> string or is the extent of the damage a popup box (which is what I 
> currently get).
> Thank you,
> Jason
> _______________________________________________
> The Web Security Mailing List
> WebSecurity RSS Feed
> http://www.webappsec.org/rss/websecurity.rss
> Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
> WASC on Twitter
> http://twitter.com/wascupdates
> websecurity at lists.webappsec.org
> http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/attachments/20110623/4cabe7b2/attachment-0003.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: compose-unknown-contact.jpg
Type: image/jpeg
Size: 1421 bytes
Desc: not available
URL: <http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/attachments/20110623/4cabe7b2/attachment.jpg>

More information about the websecurity mailing list